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Abstract 

Simulation  relations  have  been  discovered  in  many  areas:  Computer  Science,  philosophical 
and  modal  logic,  and  set  theory.  However,  the  simulation  condition  is  strictly  a  first-order 
logic  statement.  We  extend  modal  logic  with  modalities  and  axioms,  the  latter’s  modeling 
conditions  are  the  simulation  conditions.  The  modalities  are  normal,  i.e.,  commute  with  either 
conjunctions  or  disjunctions  and  preserve  either  Truth  or  Falsity  (respectively).  The  simulations 
are  considered  arrows  in  a  category  where  the  objects  are  descriptive,  general  frames.  One  can 
augment  the  simulation  modalities  by  axioms  for  requiring  the  underlying  modeling  simulations 
to  be  bisimulations  or  to  be  p-morphisms.  The  modal  systems  presented  are  multi-sorted  and 
both  sound  and  complete  with  respect  to  their  algebraic  and  Kripke  semantics. 


1  Introduction 

A  beneficial  property  of  simulation  relations  is  their  ability  to  allow  the  transfer  of  modal  formu¬ 
las  between  logic  representations  while  preserving  validity.  Simulation  relations  satisfy  a  model 
theoretic  condition  which  is  expressed  as  a  quantified  first-order  logic  statement  and  underwrites 
the  transfer.  A  problem  arises  in  that  the  simulation  condition  is  strictly  a  meta-logical  condition. 
Thus,  the  original  logics  involved  in  the  transfer  cannot  take  advantage  of  this  condition.  The 
consequence  is  that  the  model  theoretic  condition  restricting  the  modal  logics  has  no  visibility  in 
the  logics.  This  runs  counter  to  the  notion  that  model  theoretic  restrictions  or  features  should 
answer  to  some  feature  of  the  logics  being  modeled.  Simulation  logic  lifts  the  transfer  from  a 
model  theoretic  phenomenon  to  a  modal  logic  phenomenon  and  does  not  require  any  quantifiers, 
thus  providing  the  ability  to  use  simulation  reasoning  at  the  modal  logical  level  without  having 
to  drop  down  into  the  semantic  meta-logic.  Additionally,  modal  axioms  can  be  added  to  further 
constrain  the  underlying  condition  (e.g.,  to  force  it  to  be  a  function,  p-morphism  or  bisimulation). 
This  provides  the  advantage  of  expressing  simulations  such  that  the  modal  logic  supporting  the 
simulations  can  be  made  multi-sorted;  each  sort  is  a  “local  logic”.  The  local  logics  may  each  be 
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different  and  hence  targeted  at  a  particular  domain.  The  simulations,  via  simulation  operators, 
provide  the  ability  to  transfer  logical  statements  among  the  domains. 

A  simulation  relation  TZ  \s  a,  binary  relation  between  two  relations  %  and  JC  in  the  following 
form: 

TZxx'  and  Tixy  implies  for  some  y'{K,xy'  and  IZyy), 

If  we  consider  %  as  a  relation  on  a  set  X  and  /C  as  a  relation  on  a  set  Y  then  TZ  can  be  seen  to 
be  a  mapping,  or  more  accurately  a  morphism,  from  {X,%)  to  Thinking  of  these  latter 

two  tuples  as  Kripke  frames,  and  seeing  as  7^  is  a  relation,  it  is  natural  to  ask  whether  TZ  can  be 
used  to  interpret  a  modal  operator  which  connects  two  logics,  one  whose  interpretation  involves 
{X,TL)  and  one  whose  interpretation  involves  (Y,IC).  The  simulation  condition  allows  necessary 
modal  formulas  holding  at  {Y,  1C)  to  be  translated  back  along  the  simulation  relation  to  hold  at 
(A,  TL).  However,  this  translation  occurs  at  the  meta- logical  level  of  the  semantics.  Simulation  logic 
lifts  or  formalizes  this  situation  so  that  it  can  be  stated  in  the  object  language  of  a  logic  through 
a  simulation  axiom.  The  axiom’s  validation  condition  is  precisely  the  definition  of  a  simulation 
relation. 

Typically,  one  would  also  require  the  propositional  atoms  for  both  logics  related  by  a  simulation 
axiom  to  evaluate  identically  in  the  frame  models.  This  is  known  as  the  totality  condition  and 
amounts  to  identifying  the  classical  propositional  fragments  of  the  modal  logics  at  either  end  of  a 
simulation.  We  leave  this  element  to  a  separate  axiom  that  can  either  be  added  or  left  off  depending 
upon  the  application. 

A  simulation  logic  is  a  collection  of  modal  logics,  not  necessarily  all  of  the  same  type,  connected 
by  simulation  operators  whose  interpretation  will  be  handled  by  simulation  relations.  One  adds 
axioms  for  the  simulation  operators,  in  addition  to  the  simulation  axiom,  to  specify  additional 
model  theoretic  properties  of  the  interpreting  morphisms.  We  believe  the  general  idea  can  be 
applied  to  many  different  kinds  of  logics  by  suitably  changing  the  axioms  although  the  axioms  will 
still  remain  modal  axioms  in  essence. 

Simulations,  and  their  symmetric  kin  bisimulations,  were  discovered  independently  within  Com¬ 
puter  Science,  philosophical  logic  and  set  theory  [15].  Bisimulations  capture  a  strong  notion  of 
behavioral  equivalence.  Two  systems  are  bisimilar  precisely  when  their  observable  behavior  is  iden¬ 
tical.  In  the  context  of  labelled  transition  systems,  for  example,  a  relation  TZ  between  systems  P 
and  Q  is  a  bisimulation  if,  and  only  if,  two  conditions  hold:  (1)  for  all  labels  y  and  states  p  and 

fl  fl 

g  of  P  and  Q,  respectively,  pTZq  and  p  p'  implies  there  is  a  Q-state  q'  such  that  q  q'  and 

fl  fl 

p'  TZq'  and  its  “converse”,  (2)  pTZq  and  q  q'  implies  there  is  a  P-state  p'  such  that  p  p'  and 
p'  TZq' .  The  label  y  may  be  an  action,  in  the  case  of  computer  science  oriented  systems,  or  a  Kripke 
relation  in  the  case  of  modal  frames.  The  relation  P  is  a  simulation  of  P  in  Q  if)  and  only  if,  (1) 
holds.  Thus  any  bisimulation  is  a  simulation  (while  the  converse  does  not  hold). 

Within  theoretical  Computer  Science,  bisimulation  and  refinements  to  it  have  received  consid¬ 
erable  attention;  simulation  has  received  relatively  little  attention  by  comparison  (although  some 
study  has  occurred  [7];  see  Sangiorgi  [16],  Chapter  6,  for  an  overview). 

Simulations,  we  believe,  can  have  a  useful  role  in  computer  security  in  particular.  This  motivates 
their  study  in  this  paper.  Consider,  for  instance,  the  following  intuitive  scenario.  Let  P  be  a 
program  in  a  procedural  programming  language  like  C  and  let  M  be  the  machine  code  implementing 
P  produced  by  a  compiler.  “M  simulates  P”  is  tantamount  to  a  statement  of  correctness  for  the 
compiler.  If  M  performing  an  operation  of  P  reaches  state  m,  there  must  be  a  corresponding 
semantic  state  of  P,  say  s,  related  to  m  in  the  simulation  relation. 
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If  one  wishes  to  distinguish  secure  systems  from  insecure  systems  meaningfully,  one  must  ad¬ 
mit  the  expression  of  insecure  systems  into  the  domain  of  discourse  and  the  relative  weakness  of 
simulation  compared  to  bisimulation  is  an  advantage.  A  buffer  overflow  exploit  [17]  occurs  when 
the  argument  to  a  procedure  call,  proc{arg),  exceeds  a  certain  size  threshold,  making  it  possible  for 
a  malicious  agent  to  inject  and  then  execute  arbitrary  machine  instructions  encoded  within  arg. 
While  the  mechanics  underlying  such  exploits  need  not  concern  us  here,  it  should  be  noted  that, 
were  M  bisimilar  to  P,  such  exploits  would  not  be  possible  because  the  behavior  of  implementation 
of  proc{arg)  would  necessarily  be  identical  to  its  behavior  according  to  the  language  semantics. 

From  a  strictly  logical  perspective,  simulation  logic  can  be  seen  as  an  extension  to  partially 
ordered  modalities  [3].  As  an  example  of  partially  ordered  modalities,  if  in  any  model  we  wish  to 
require  that  the  Kripke  relation  T-L\s  a,  subset  of  the  Kripke  relation  1C,  then  this  is  specified  in  the 
logic  by  requiring  the  axiom  [fc]  P  D  [^]  P.  Any  model  validating  this  axiom  will  be  such  that  P 
interpreting  [/i]  is  a  subset  of  JC  interpreting  [fc] . 

There  are  two  generalizations  to  the  partially  ordered  modality  picture  made  possible  by  sim¬ 
ulation  logic.  The  subset  relation  between  two  binary  relations  is  a  simulation  relation  and  as  a 
consequence,  simulation  logic  includes  the  logic  of  partially  ordered  modalities.  The  second  is  that 
a  simulation  relation  can  relate  two  different  modal  frames  whereas  the  partial  order  required  the 
relations  be  on  a  common  modal  frame.  Thinking  categorically  for  a  moment,  a  simulation  relation 
represents  an  arrow  from  one  model  to  another.  In  partially  ordered  modalities,  there  is  a  very  slim 
category,  the  partial  order.  So  in  effect,  we  are  asking  for  more  than  one  reason  to  map  between 
modalities  beyond  mere  subset  inclusion  in  their  interpreting  relations. 

Modal  frames  and  simulation  relations  form  a  category  where  the  simulations  are  the  arrows. 
We  wished  for  a  logic  in  which  we  could  reason  about  these  simulations  because  the  applications 
indicated  above  are  most  naturally  expressed  using  simulations  in  the  reasoning.  Since  simulations 
are  relations,  the  question  becomes  then,  which  parts  of  our  logical  tool  box  can  be  used  to  represent 
this  arrow?  A  simulation  relation  is  just  that,  a  relation.  Naturally,  it  occurs  to  think  of  a  modal 
operator  for  which  the  simulation  relation  can  be  used  for  its  interpretation.  We  modify  an  axiom 
in  Chellas  [6]  and  Lemmon  [13],  which  is  attributed  to  Geach  in  an  earlier  work  [8].  The  idea  is 
to  use  what  Chellas  termed  incestual  relations.  They  yield  a  series  of  axioms  of  a  particular  form. 
The  main  axiom  for  simulation  logic  has  one  of  these  forms.  However,  the  Geach  axiom  uses  a 
single  relation  whereas  simulation  relations  use  at  least  three  relations,  the  two  modal  relations  and 
the  simulation  relation. 

Simulation  logic  is  a  federated  or  modular  logic  in  that  a  simulation  axiom  links  two  modal 
logics  where  each  logic  is  allowed  to  have  its  own  axiom  set.  We  term  these  modal  logics  “local 
logics”.  In  terms  of  our  compiler  example  above,  one  logic  is  for  the  source  code  and  one  logic  is 
for  the  compiled  code.  The  simulation  logic  allows  for  logical  statements  about  the  source  to  be 
“transferred”  to  logical  statements  about  the  compiled  code.  We  work  with  normal  modal  logics, 
although  an  extension  to  non-normal  modal  logics  is  planned. 

2  The  Logic 

The  logic  is,  in  the  terminology  of  Chellas,  a  twist  on  the  logic  for  incestual  relations.  We  assume 
normal  modal  systems  in  this  paper. 
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2.1  Incestual  and  Simulation  Relations 

Chellas  describes  the  general  schema: 


where  k,l,m,n  are  natural  numbers.  0^  stands  for  a  string  of  k  instances  of  the  operator  0,  and 
similarly  for  the  rest. 

As  an  example, 

Tc  =  :  P  D  □  P 

axiomatizes  vacuous  frames  where  Rxx'  implies  x  =  x' . 

The  schema  G  is  valid  in  all  incestual  models,  or  models  which  satisfy 

aR^ (3  and  aR^j  implies  for  some  6,  f3R^S  and  jR^d, 

where,  in  sympathy  with  the  operators,  R^  stands  for  k  fold  relational  composition  Ro  ■  ■  ■  o  R  with 
relational  composition  defined  as  aR  o  Py  iff  there  is  a  /3  such  that  aP/?  and  /JPy.  A  modification 
of  this  schema  defines  a  simulation  from  modal  logic  (now  changing  notation  from  Chellas  to  the 
notation  to  be  used  throughout  this  paper). 


Definition  2.1.1  When  a  relation  TZ  from  the  relation  %  to  the  relation  /C  satisfies  the  following 
condition, 

TZxx'  and  fixy  implies  for  some  y'{lCxy'  and  TZyy), 
it  is  known  as  a  simulation  relation. 

We  prefer  to  depict  the  information  from  this  definition  in  the  following  confluent  diagram, 
appropriating  the  categorical  notation  of  Freyd  and  Scedrov  [11]  (although  the  diagram  is  not 
category  theoretic) 


where  one  reads  from  left  to  right, 

for  all  x,y,x'  such  that  TZxx'  and  Tixy,  there  exists  a  y'  such  that  TCx'y'  and  TZyy' . 

The  schema  G  for  k  =  l  =  m  =  n  =  l\s  also  known  as  the  Geach  axiom  (left): 

0  □  P  3  □  0  P,  (^)  [fc]  P  D  M  {r)  P. 

Working  backwards  from  the  relations  in  the  diagram  and  the  proof  of  the  validity  of  this  modal 
formula,  we  get  (now  using  index  k  to  refer  to  a  particular  modal  operator  and  not  a  natural 
number)  the  formula  on  the  right,  where  the  modal  operators  {r),  [fc],  and  [^]  are  interpreted  by 
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the  relations  TZ,  JC,  and  Ti  respectively.  If  we  simplify  a  bit  and  allow  the  indices  h  and  k  to  refer 
to  a  local  logic  as  well  as  indexing  the  local  logic’s  modal  operators,  and  we  also  assume  there  are 
only  the  modal  operators  [fc] ,  {k)  in  the  logic  at  k  and  similarly  at  h,  the  mental  picture  of  two  local 
logics  h  and  k  semantically  connected  by  a  simulation  TZ  is 


{r> 


■R 


which  should  look  familiar  from  duality  theory  for  modal  logics  where  typically  TZ  is  a  p-morphism. 
Simulation  relations  are  generalizations  of  p-morphisms.  By  allowing  the  p-morphisms  to  be  rela¬ 
tions,  we  allow  for  picking  up  this  bit  of  the  model  theory  of  modal  logics  and  expressing  it  in  the 
logic. 

Notice  that  the  TZ  relation  relates  two  sets  of  worlds,  those  involved  with  Tl  and  those  involved 
with  1C.  We  wish  to  build  this  observation  into  the  core  of  the  logic.  Model  theoretically,  TZ  relates 
two  different  logics.  Simulation  relations  compose  and  the  identity  relation  is  a  simulation  relation. 
The  specification  of  the  logic  needs  to  make  this  apparent.  We  do  this  by  using  a  graph.  Our  models 
are  always  in  the  category  of  descriptive,  general  frames  (DG  frames)  with  simulation  relations  as 
morphisms.  The  indices  h  and  k  above  can  then  be  taken  to  label  nodes  in  a  graph  for  a  simulation 
logic. 

The  axiom  (»■)  [fc]  P  D  [^]  (r)  P  is  somewhat  curious.  P  is  a  formula  at  k  and  so  [*;]  may  be 
applied  to  it.  (r)  maps  the  result  to  a  formula  at  h.  The  consequent  first  maps  P  to  the  logic  at 
h  via  (»■)  and  then  applies  [^].  In  effect,  h  gets  to  import  some  of  the  language  of  k  but  with  no 
access  to  the  internal  structure  of  the  formulas  involved.  Hence,  {r)  is  a  “wrapper”  that  allows  the 
controlled  importation  into  h  of  formulas  from  k. 

2.2  Simulation  Logic 

Observing  the  validity  proof  of  the  Geach  axiom  and  seeing  that  the  form  of  the  semantic  condition  is 
the  same  as  the  form  of  the  definition  for  simularity  minus  the  totality  condition,  we  now  axiomatize 
our  base  logic.  We  assume  the  modal  logics  are  normal.  A  simulation  logic  requires  we  specify 
which  local  logics  are  to  be  present.  This  is  done  with  a  graph.  There  will  be  a  node  for  each 
local  logic.  The  graph  also  contains  an  arrow  for  every  simulation  relation  to  be  present  in  any 
interpretation  of  the  simulation  logic. 

A  local  logic  is  local  in  that  it  is  associated  with  one  node  in  the  graph.  The  accompanying 
notion  of  a  global  logic  does  not  entail  formulas  “spanning”  two  local  logics  in  the  sense  of  P  in  one 
logic  entailing  Q  in  another  where  entailment  is  an  implication  arrow  (and  similarly  with  other  two 


Local  Logic  h 


Local  Logic  k 
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place  connectives).  Each  formula  lives  entirely  within  a  single  local  logic  although  it  may  contain 
subformulas  from  others. 

The  graph  makes  apparent  the  structure  of  the  collection  of  the  local  logics  and  allows  us  to 
use  the  arrows  to  specify  which  simulation  relations  must  exist  in  any  interpretation  of  the  logical 
structure.  Since  there  are  several  modal  operators  that  can  be  defined  for  any  single  relation, 
assigning  an  arrow  for  every  modal  operator  can  get  a  bit  “noisy”.  Using  the  arrows  to  specify 
which  relations  must  exist  in  an  interpretation  simplifies  this. 

The  simulation  logic  graphs  we  use  have  endo- diagrams,  each  of  which  is  a  labeled  node  and  a 
single  endo-arrow  (self-arrow).  Under  interpretation,  this  arrow  is  in  a  commutative  diagram  with 
an  unmentioned  empty  arrow,  in  effect,  giving  the  identity  arrow  a  name  and  indicating  that  it  is 
to  be  a  simulation  arrow.  This  is  necessary  since  the  models  for  the  logic  will  be  a  category  whose 
identity  arrows  will  be  simulations. 

The  notation  dom(r)  refers  to  the  domain  or  source  of  the  arrow  r  in  a  graph  and  cod(r)  refers 
to  the  codomain  or  target  of  the  arrow  r.  We  use  the  locution  (fc)  G  dom(r)  to  refer  to  a  modal 
connective  in  the  logic  associated  the  node  which  is  the  source  for  the  arrow  r.  The  symbol  =  is 
used  for  bi-implication,  i.e.,  P  =  Q  stands  for  P  D  Q  and  Q  D  P. 

We  use  the  following  letter  conventions: 


entity 

description 

h,  k,  1 

nodes  in  a  graph  0 

modalities  at  node  h 

and  similarly  for  modalities  at  nodes  k,  1 

r,  s 

arrows  in  a  graph  0 

(r),  [r] 

forward-looking  modalities  associated  to  arrow  r 
and  similarly  for  the  arrow  s 

[...] 

backward-looking  modalities  associated  to  arrow  r 
and  similarly  for  the  arrow  s 

H,  K,L 

sets  of  worlds  in  an  interpretation  for  the  modalities  at 
h,  k,  1  respectively 

n,)c,c 

modal  relations  interpreting  the  modalities  at  h,  k,  1  respectively 

general,  descriptive  frame  for  the  logic  at  h 

iK,JC,B) 

general,  descriptive  frame  for  the  logic  at  k 

n,s 

simulation  relations  interpreting  modalities  for  arrows  r  and  s 

2.3  Axioms  and  Rules 

The  axioms  schemes  are  presented  below.  Axiom  A1  is  due  to  Meyer  [14],  who  uses  it  to  simplify 
his  axiom  set.  The  rest  of  the  axioms  are  arranged  in  groups.  The  graph  axioms  just  tell  us  that 
to  specify  a  simulation  logic,  we  must  first  specify  a  simulation  graph  detailing  which  local  logics 
there  are  to  be,  which  simulation  arrows  are  to  appear  in  any  model,  and  forcing  identity  arrows 
to  exist  as  simulation  arrows. 

The  A  axioms  are  not  optional  as  they  describe  the  form  of  the  local  logics.  The  A  axioms 
are  all  normal  modal  logics  and  there  is  one  for  each  node  in  the  graph  ©.  Each  local  logic  may 
have  its  own  propositional  atoms  and  local  modalities.  The  B  axiom  B1  forces  the  arrows  in  the 
graph  to  be  interpreted  as  simulation  relations  and  B2  forces  composition  of  arrows  to  hold.  These 
two  axioms  are  not  optional.  The  C  axioms  are  optional;  they  may  be  added  to  the  B  axioms  to 
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force  the  simulation  relations  to  be  bisimulations.  The  D  axioms  may  be  added  to  the  B  axioms  to 
force  the  simulation  relation  to  be  p-morphisms,  i.e.,  simulation  relation  which  are  also  functions. 
One  can  also  add  their  backwards  looking  counterparts  to  force  bisimulations  to  be  p-morphic  in 
reverse  direction.  The  E  axioms  are  optional;  El  forces  propositional  atoms  at  the  domain  of  a 
simulation  arrow  to  be  interpreted  as  they  are  at  the  codomain.  E2  forces  propositional  atoms  at 
the  codomain  of  an  arrow  be  interpreted  as  they  are  at  the  domain. 

Graph 

SI.  A  graph  ©  of  nodes  and  arrows  S2.  An  endo-diagram  for 

A  set  T>  of  endo-diagrams  each  node  in  © 

Axiom  Schemes  A:  For  each  node  in  ©,  and  each  endo-diagram  arrow  i, 

Al.  all  truth  functional  theorems  A2.  Modal  axioms  for  a  logic 

of  a  propositional  logic  at  this  node 

A3.  P=[i\P 

Axiom  Schemes  B:  For  each  arrow  each  r  :  h  ^  k  and  s  :  k  ^  I  in  &,  and  each  modal 
operator  [fc]  G  dom(r),  [fc]  G  cod(r), 

Bl.  (r)  [fc]  P  D  [h]  (r)  P  B2.  (r)  (s)  P  =  (s  o  r'^  P 

Notice  the  axiom  Bl  while  being  a  statement  of  the  logic  at  h  uses  subformulas  [fc]  P  and  P  at 

k. 

Axiom  Schemes  C:  To  force  the  simulation  arrows  to  be  bisimulations,  use  the  following 
axioms  using  backward  looking  possibility,  (•»’•),  on  the  simulation  arrow.  For  each  arrow  r  :  h  ^  k 
and  s  :  A:  ^  Z  in  ©,  and  each  modal  operator  [fc]  G  cod(r),  [^]  G  dom(r) 

Cl.  p  G)  [k]  {r)P  C2.  {s){r^P  =  (^s  o  r'^P 

Adding  both  backwards  and  forwards  operators  should  come  with  axioms  for  residuation; 

C3.  P  D  H  {r)P  C4.  (•r.)[r]  P  D  P 

Axiom  Schemes  D:  To  force  simulation  arrows  to  be  p-morphisms  use  the  following  D  axioms; 
they  force  the  interpreting  relation  to  be  a  function  (just  as  they  would  in  any  normal  modal  logic 
systems): 

Dl.  [r]PD{r)P  D2.  {r)PD[r]P 

Axiom  Schemes  E:  The  axiom  El  is  only  necessary  if  you  wish  the  classical  proposition  logic 
at  dom(r)  to  be  included  in  the  logic  at  cod(r).  It  is  not  strictly  necessary  although  it  does  pick 
up  the  clause  in  the  dehnition  of  simulation  [5]  requiring  this  of  a  simulation. 

For  all  propositional  letters  p, 

El.  p  D  [r]p  E2.  p  D  \r]p 

As  a  simplihcation  which  will  not  detract  from  the  generality  of  the  logic,  we  will  assume  that 
each  local  logic  can  be  interpreted  with  a  single  modal  relation.  This  allows  us  to  equate  a  node 
usually  labeled  h  or  k  with  the  modal  logic  at  that  node. 

Definitions  and  Rules  (Normal  Systems) 

Dehnition  of  Possibility;  (m)  P  -■  [m]  —,P^  m  G  {k,  r} 
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Rules  A:  For  each  local  logic  k, 

hfc  -P  \-k  P  ^  Q 
hfc  Q 

hfc  (-Pi  A  •  •  •  A  Pn)  D  P 
Pfc  (M  -Pi  A  •  •  •  A  [fc]  Pn)  D  [fc]  P 

Rules  B:  For  each  r  :  h—>~  k  arrow  in  ©, 
pfc  (-Pi  A  •  •  •  A  Pn)  D  P 
(H  Pi  A  •  •  •  A  H  Pn)  D  H  P 
Rules  C:  For  each  r  :  k  arrow  in  0, 

Pfe  (Pi  A  •  •  •  A  Pn)  D  P 
Pfc  ([-]-Pi  A  •  •  •  A  [■r.]Pn)  D  [-(P 

where  the  subscripted  F  indicates  to  the  local  logic  to  which  the  proof  sign  attaches. 

We  will  only  be  concerned  with  necessity  and  possibility  operators  and  mostly  the  forward 
versions  since  the  backwards  versions  (for  bisimulation)  are  so  similar.  Other  modal  operators 
definable  for  the  same  relation  (see  [9])  require  other  kinds  of  relations  than  simulation  relations 
for  their  “movement”  among  logics.  We  relegate  these  sorts  of  complications  to  a  sequel  paper. 

From  now  on,  a  simulation  logic  refers  to  the  axiom  schemes  S,  A,  and  B,  and  the  Definition  of 
Possibility,  and  the  rules  A  and  B.  We  will  ignore  the  axiom  schemes  and  rules  C  in  the  interest  of 
conciseness  and  because  handling  those  is  so  similar  to  B.  The  axiom  schemes  D  are  of  interest  and 
we  have  modeling  conditions  for  them.  The  axiom  schemes  E  must  be  handled  quite  separately  in 
the  semantics. 

2.4  Frames  and  Models 

Each  node  in  a  simulation  logic’s  graph  has  a  local  logic  associated  with  it  and  that  local  logic  must 
have  a  DG  frame  associated  with  the  local  logic.  Each  arrow  of  the  graph  must  be  associated  with 
a  simulation  relation.  Each  node  representing  a  distinct  local  logic  must  be  mapped  to  a  distinct 
frame  object  in  any  interpretation.  This  sort  of  informal  way  of  restricting  interpretations  is  the 
result  of  not  treating  the  graph  as  defining  everything  in  a  simulation  logic,  but  the  alternative 
would  make  the  logic  impenetrable. 

We  work  with  DG  frames,  and  in  keeping  with  our  simplification,  assume  there  is  only  one 
modal  relation  per  frame.  More  relations  for  more  modalities  can  be  added  if  needed. 

Definition  2.4.1  (Kupke,  Kurz,  and  Venema  [12])  A  general  frame  is  a  structure  4^  =  (R,4t,A) 
such  that  {H,%)  is  a  Kripke  frame  and  A  is  a  collection  of  so-called  admissible  subsets  of  H  that 
is  closed  under  the  Boolean  operations  and  under  the  operation  [^j  :  A  ->■  A  given  by: 

[ft]  C  ‘^=  {x  e  X  \  T-Lxy  implies  y  G  C} 

with  {h)  C  =  ^  [h]  -iC  where  ->  is  set  complement.  A  general  frame  %  is  called  differentiated  if  for 
all  distinct  x,y  G  Pf  there  is  a  ‘witness’  a  G  A  such  that  y  G  a  while  x  0  a;  tight  if  whenever  y 
is  not  an  PL-successor  of  x,  then  there  is  a  ‘witness’  a  G  A  such  that  y  G  a  while  x  0  (h)  a;  and 
compact  if  P]  7^  0  for  every  subset  Aq  of  A  which  has  the  finite  intersection  property.  A  general 
frame  is  descriptive  if  it  is  differentiated,  tight,  and  compact. 


We  use  the  same  symbol  to  refer  to  the  general  frame  and  its  relation  letting  context  disam¬ 
biguate  the  use.  As  it  is  noted  in  [12],  tightness  can  be  re-expressed  as  a  relation  being  point  closed, 
i.e.,  TZx  (equal  to  TZ{x}),  the  forward  image  of  x  under  TZ,  is  a  closed  set  in  the  topology  generated 
by  the  algebra  A  of  clopen  sets. 

We  use  a  category  of  DG  frames  for  a  simulation  logic. 

Definition  2.4.2  A  simulation  frame  category  has  a  descriptive,  general  frame,  called  a  local 
frame,  for  each  node  in  the  graph,  and  a  point  closed  relation  for  each  arrow.  That  is,  for  r  :  h  ^  k 
in  the  graph,  r ’s  interpretation  TZ  -.TL  ^  K,  must  be  point  closed. 


The  corresponding  Kripke  frame  conditions  for  the  logical  axioms  are 

Frame  Conditions  S: 


ESI. 

A  category  of  local  modal 

FS2.  An  identity  arrow  for 

frames  and  simulations 

the  arrow  in  D  £  T) 

Frame 

Conditions  A:  For  each  node  in  0, 

EAl. 

A  set  of  classical  worlds 

FA2.  Modal  frame  conditions 
for  a  logic  at  this  node 

Frame 

Conditions  B: 

FBI. 

TZxx'  and  TLxy  implies 

FB2.  Frame  category  contains 

3y'{ICx'y'  and  TZyy') 

all  compositions 

Frame 

Conditions  C: 

FCl. 

TZxx'  and  ICx'y'  implies 

FC2.  Frame  category  contains 

3y{'Hxy  and  TZyy') 

all  compositions 

Frame 

Conditions  D: 

EDI. 

3y{TZxy) 

FD2.  {TZxy  and  TZxz)  implies 
y  =  z 

with  the  convention  that  upper  case  script  relation  letters  interpret  modalities  using  lower  case 
Roman  letters.  Each  simulation  frame  category  interpreting  a  simulation  logic  will  have  the  condi¬ 
tions  matching  the  axioms.  The  frame  conditions  S,  A,  and  B  are  always  assumed,  the  others  are 
required  if  the  corresponding  axioms  are  present  in  the  modeled  local  logic. 

We  will  use  slightly  different  frames  for  axioms  El  and  E2;  the  algebras  in  the  local  frames 
will  contain  constants,  one  for  every  atomic  proposition  of  the  local  logic  for  which  the  local  frame 
provides  a  model. 

The  following  proposition  allows  us  to  use  one  DG  frame  per  local  logic. 

Proposition  2.4.3  There  are  no  provable  instances  of  formulas  of  the  form  P»Q  for  •  G  {d.  A,  V} 
with  P  in  one  local  logic  and  Q  in  different  local  logic. 

The  proof  is  an  easy  induction  on  the  axiom  schemes  A-E  and  rules.  The  axioms  B1  and  Cl 
are  the  most  interesting.  Considering  Bl,  P  and  [fc]  P  is  in  the  local  logic  at  k  while  f)  [fc]  P  is  in 
the  local  logic  at  h.  The  formulas  (>■)  P  and  [^]  (»■)  P  are  in  the  local  logic  at  h.  The  consequence  is 
that  no  formula  in  the  logic  has  a  binary  connective  between  formulas  in  two  different  local  logics. 
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Note,  we  stated  the  above  proposition  in  terms  of  formula  “instances”  rather  than  formulas 
because  it  is  possible  to  attach  a  local  logic  to  more  than  one  node  in  the  graph.  In  effect,  this 
would  give  more  than  one  instance  of  the  logic  in  the  entire  simulation  logic. 

In  preparation  for  soundness,  we  must  show  that  the  definition  of  {r)  in  terms  of  [»■]  makes  sense 
in  that  it  does  not  clash  with  the  definition  of  interpretation.  To  wit,  letTZ'.h^khea  simulation: 

xeH^^[r]^pmxeH^  [r] 

iff  there  exists  y  G  KiJZxy  and  y  ^  -iP) 
iff  there  exists  y  £  K  {TZxy  and  y  |=  P) 
iff  X  G  P  1=  (r)  P 

A  simulation  category  model  has  the  usual  sort  of  Kripke  DG  frames  for  every  node  with  a 
valuation  for  each  node.  The  arrows  are  the  simulation  relations. 

Definition  2.4.4  A  simulation  category  model  is  a  simulation  frame  category  with  a  valuation 
and  a  local  frame  for  each  local  logic.  The  local  frame  and  its  valuation  are  called  a  local  model.  A 
valuation  specifies  a  collection  of  points  in  the  local  frame  where  the  atomic  propositions  are  true. 

We  rely  on  heterogeneous  (multisorted)  algebras  [4]  for  the  free  algebra  construction.  The 
categorical  version  is  most  easily  accessible  in  [1]  who  attribute  the  multisorted  (non-categorical) 
case  to  [4] . 

Definition  2.4.5  (Birkhoff  and  Lipson  [4])  A  heterogeneous  algebra  is  a  system  A  =  [.^,F] 
in  which 

1.  AT  =  {Si}  is  a  family  of  non-void  sets  Si  of  different  types  of  elements,  each  called  a  phylum 
of  the  algebra  A.  The  phyla  Si  are  indexed  by  some  set  I;  i.e.,  Si  £  for  i  £  I  (or  are  called 
by  appropriate  names). 

2.  F  =  {fa}  is  a  set  of  Unitary  operations  operations,  where  each  fa  is  a  mapping 

fa  ■  X  Si(^2,a)  X  •  •  •  X  iS'i(n,(a),a)  ^p{a) 

for  some  non-negative  integer  n(a),  function  ia  ■  j  -*■  i{j,  a)  from  n{a)  =  {1,2,...,  n{a)}  to 
I,  and  p{a)  £  L  The  operations  fa  are  indexed  by  some  set  fl;  i.e.,  fa  £  F  for  a  £  fl  (or  are 
called  by  appropriate  names). 

Definition  2.4.6  A  simulation  algebra  appropriate  for  a  simulation  logic  is  a  heterogeneous  algebra 
with  a  modal  algebra,  called  a  local  modal  algebra,  for  each  node  of  a  graph,  identity  modal 
operators  for  each  node,  and  simulation  operators  (r)  and  [»•]  for  every  arrow  r  (including  identity 
arrows)  of  the  graph.  If  the  bisimulation  axioms  are  used,  then  there  are  operators  (•»■•)  and  [•»■•]  in 
the  opposite  direction  than  (r)  and  [»■] .  For  r  :  k  in  the  graph, 

•  [»•]  (a  A  b)  =  [»•]  a  A  [»■]  b; 

•  H  Tfc  =  T/j,  for  T  the  top  of  Boolean  lattice; 

•  (r)  [fc]  a  <  [^]  (r)  a; 
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•  (r)  (s)  a  =  (s  o  r)  a; 

•  [*]  a  =  a,  for  i  the  arrow  in  an  endo-diagram; 

•  if  axioms  schemes  C  are  used 


—  (•»’•)  [^]  a  <  [fc]  {r)a,  if  axiom  schemes  C  are  used; 

—  {s){r^a  =  {s  o  r^a,  if  axiom  schemes  C  are  used; 

—  a  <  [»-]  {r)a, 

—  {r)  [r]  a  <  a. 

•  {r)  a  =  [t"]  a,  if  axiom  schemes  D  are  used. 

The  axioms  El  and  E2  will  be  handled  in  the  next  subsection  where  we  must  add  constant 
operations  and  functions  to  help  interpret  the  propositional  atoms. 

Appropriate  simulation  algebras  give  a  “localization”  view  of  heterogeneous  algebras  which  is 
isomorphic  to  the  definition  given  above.  Each  phylum  Si  with  operators  defined  only  upon  Si  is 
a  local  modal  algebra.  The  operations  associated  with  r  :  h  ^  k  of  the  graph  map  from  a  local 
modal  algebra  to  a  local  modal  algebra.  This  stratifies  the  heterogeneous  simulation  algebra  and 
treats  every  local  modal  algebra  as  an  object  in  the  surrounding  simulation  algebra. 

Algebraic  versions  of  soundness  and  completeness  depend  on  the  Lindenbaum-Tarski  (LT)  al¬ 
gebra.  We  must  first  show  that  the  operators  all  respect  the  congruence  of  bi-implication  induced 
on  the  local  word  algebras  by  the  local  logics.  The  only  operators  not  already  covered  in  previous 
modal  algebraic  work  are  the  simulation  operators. 


Lemma  2.4.7  The  simulation  operators  respect  hi-equivalence. 

Proof:  We  only  show  the  proof  for  (?•),  the  other  simulation  operators  use  similar  principles. 


hfc  P  D  Q  implies  —<Q  D  -iP 

implies  [»•]  -■Q  ^  M  “'-P 
implies  h/j  -■  [»•]  -iP  D  -■  [>■]  -iQ 
iff  hh  (r)  PD{r)Q 


contraposition 
rule  Mediate  Necessitation 
contraposition 
Definition  of  Possibility 


It  easily  follows  that  P  =  Q  implies  hh  (^)  P  =  (»■)  Q- 


Next,  we  must  show  that  the  LT  algebra  is  actually  a  simulation  algebra.  The  only  operators 
that  are  at  issue  are  the  simulation  operators. 


Lemma  2.4.8  The  LT  simulation  operators  satisfy  the  required  properties  for  a  simulation  algebra. 


Proof:  We  only  show  the  proofs  for  [i"],  the  rest  use  similar  principles.  Setting  n  to  0  in  the  rule 
Mediate  Necessitation,  yields  hfe  T  implies  [^]  T.  Hence  L/i  T  D  [/i]  T.  It  is  always  the  case  that 
Lfe  [^]  T  D  T,  hence  [^]  T  =  T  and  so  [^][T]  =  [T]  where  [T]  is  the  equivalence  class  of  T. 

That  h/i  [f-]  P  A  [r]Q  Z)  [’’](P  A  Q)  follows  immediately  from  hkPAQDPAQ  and  the  rule 
Mediate  Necessitation.  Next,  hk  P  A  Q  D  P  and  hk  P  A  Q  D  Q,  so  \-h  ['’](P  A  Q)  D  [»■]  P  and 
\-h  H(E  A  Q)  D  [>■]  Q.  Hence,  h/i  [>-](P  A  Q)  D  [t-]  P  A  [»■]  Q,  and  so  [»'][P  A  Q]  =  H[P]  A  [>-][Q].  ■ 
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Corollary  2.4.9  The  LT  heterogeneous  algebra  is  a  simulation  algebra. 

Proof:  (Proof  Outline)  The  free  heterogeneous  algebra  is  the  usual  algebra  of  equivalence  classes  of 
terms  in  the  variables  as  generators.  One  runs  the  induction  procedure  to  get  the  word  algebras  over 
all  the  local  logics  simultaneously  [4],  then  divide  out  by  the  equalities  in  each  algebra.  Proposition 
2.4.3  shows  that  no  additional  sorts  over  and  above  the  local  modal  algebra  carrier  sets  are  necessary. 
Lemma  2.4.7  shows  that  the  replacement  property  for  the  bi-implication  congruence  holds  for  each 
operator.  Finally,  Lemma  2.4.8  shows  each  LT  operators  satisfy  the  simulation  algebra  axioms.  ■ 

Theorem  2.4.10  Simulation  Logic  is  sound  with  respect  to  the  algebraic  and  simulation  frame 
category  models. 

Proof:  We  need  only  check  the  simulation  axiom.  Soundness  over  the  algebraic  models  is  the  usual 
induction  starting  with  a  valuation  into  a  simulation  algebra  and  then  using  the  fact  that  the  LT 
algebra  is  the  free  algebra  in  the  heterogeneous  class  of  simulation  algebras.  The  free  heterogeneous 
algebras  are  then  used  to  generate  the  universal  arrow  for  any  interpretation  into  a  heterogeneous 
modal  algebra  thus  validating  the  axioms  and  rules. 

We  check  axiom  B1  for  Kripke  models,  the  rest  use  similar  principles.  Assume  x  |=  {r)  [fc]  P. 
To  show,  X  1=  [h]  (r)  P,  we  further  assume  PLxy  for  arbitrary  y.  From  the  first  assumption,  there 
is  some  x'  such  that  TZxx'  and  x'  \=  [fc]  P.  Since,  PLxy  and  TZxx' ,  the  frame  condition  FBI  yields 
ICx'y'  and  TZ-yy'  for  some  y'  and  hence  y'  |=  P.  By  definition,  y  |=  {r)  P.  Since  the  choice  of  y  was 
arbitrary,  by  definition  x  ^  [^]  {r)  P.  m 

The  canonical  frame  is  generated  by  the  LT  algebra;  the  frame’s  admissible  sets  are  those  of 
the  carrier  set  of  the  representation  algebra  (of  the  LT  algebra)  using  the  representation  function 
/?  (see  below).  Let  MA(h),MA(A:)  stand  for  the  local  modal  algebras  and  CF(/i),  CF(/c)  stand  for 
the  canonical  frames  at  h  and  k  respectively.  To  get  a  frame  category  from  the  LT  modal  algebra 
requires  that  one  take  the  (dual)  Stone  spaces  containing  all  the  maximal  filters  of  each  local  algebra 
and  define  the  Kripke  relations  with: 

PLxy  iff  [h]a  G  X  implies  a  G  y. 

Since  [/i]  and  {h)  are  DeMorgan  duals  of  each  other,  PL  admits  an  equivalent  definition: 

PLxy  iff  a  G  y  implies  (h)  a  G  x. 

These  same  definitions  work  for  the  canonical  relation  TZ  for  r  :  h  ^  k  where  now  a  G  MA(A:), 
[f-]  a,  (r)  a  G  MA(/i),  x  G  CF(/i)  and  y  G  CF{k). 

The  modal  completeness  argument  is  the  usual  algebraic  argument  [10]  using  contraposition  and 
the  frame  argument  uses  the  canonical  frame  derived  from  a  representation  theorem  [10,  2].  The 
modal  representation  theorem  represents  a  modal  algebra  as  an  algebra  of  sets  using  the  canonical 
frame  (Stone  space)  of  the  algebra.  One  defines  the  1-1  homomorphism  fd  on  the  Boolean  algebra 
A  =  (A,  A,  V,^)  by: 

(da  =  {x  \  a  G  X  and  x  is  a  maximal  filter}. 

It  is  not  hard  to  show  that  /d[h]a  =  [^]  jda  and  jd  (h)  a  =  (h)  fda.  Set  union,  intersection,  and  set 
complement  interpret  the  classical  logic  logic  connectives  V,  A,  and  The  only  question  is  the 
status  of  (»•),  [»■]  ior  r  -.  h  ^  k. 
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Lemma  2.4.11  For  a  G  MA(A:)  and  {r)  a  G  MA(/;,), 

f3[r]a  =  [?■]  Ida  and  fd  (r)  a  =  (r)  /da. 

Proof:  We  show  the  proof  of  (d  {r)  a  =  (r)  (da,  the  other  is  similar.  From  right  to  left,  let  x  G  CF(/i) 
and  X  G  (»■)  (da.  There  is  some  y  G  CF(A:)  such  that  TZxy  and  y  G  (da,  hence  a  G  y.  Since  TZxy  iff 
b  G  y  implies  (r)  b  G  x,  we  have  (r)  a  G  x.  So  x  G  (d  (r)  a.  Going  the  other  direction,  \ei  x  G  (d  (r)  a, 
so  that  (r)  a  G  x.  Further,  let  y2  =  —x  where  —x  refers  to  the  set  complement  of  x  and  is 
a  maximal  ideal.  y2  is  an  ideal:  61,62  £  2/2  iff  i"^)  bi,  (r)  b2  G  —x  iff  (^)  61  V  (»■)  62  G  —x  {{r)  is  a 
normal  operator)  iff  {r){bi  V  62)  G  —x  iff  61  V  62  G  2/2-  Hence  if  a  G  2/2  then  (r)  a  G  —x  which  is  a 
contradiction,  of  (the  principle  filter  determined  by  a)  and  y2  are  disjoint,  we  can  separate  them 
with  a  maximal  filter-ideal  pair  (y,  —y)  with  a  G  y  and  y2  C  —y  using  Zorn’s  Lemma;  so  y  G  (da. 
Let  b  G  y.  If  (r)  b  G  —x,  then  6  G  —y  and  that  is  a  contradiction.  So  (r)  b  G  x.  By  definition,  TZxy 
holds  and  a  G  y,  so  x  G  (r)  (da.  m 

Theorem  2.4.12  Simulation  Logic  is  complete  with  respect  to  the  simulation  algebras  and  the 
simulation  category  models. 

Proof:  From  Proposition  2.4.3,  we  need  only  concern  ourselves  with  formula  (instances)  which 
sit  entirely  within  a  single  local  logic.  So  one  presents  the  formula  instance  at  issue  and  then 
picks  the  local  logic  for  which  it  must  be  determined  whether  it  is  a  theorem.  The  argument  is  a 
contraposition  argument.  Using  the  LT  heterogeneous  algebra  and  its  canonical  frame  category. 

Note  that  any  theorem  without  an  implication  as  the  main  connective  can  be  outfitted  with 
one  because  h  P  iff  h  T  D  P  where  T  is  the  truth  constant  in  a  local  logic.  Hence  we  need 
only  check  implications.  Suppose  \f  P  TP  Q,  then  [P]  ^  [Q]  in  the  LT  algebra  where  [P],  [Q]  are 
the  bi-implicational  equivalence  classes.  This  along  with  Corollary  2.4.9  is  enough  for  algebraic 
completeness. 

For  frame  completeness,  there  is  maximal  separating  filter  x  such  that  [P]  G  x  and  [Q]  0  x, 
i.e.,  X  G  /3[P]  and  x  0  (d[Q],  so  x  |=  P  and  x  Q.  Therefore  there  is  a  local  model  falsifying  the 
non-theorem,  and  hence  a  simulation  category  model  falsifying  the  non-theorem. 

Taking  the  contrapositive  in  the  algebraic  and  frame  cases  yields  the  required  result.  ■ 

2.5  The  Axiom  Schemes  E 

The  axioms  El  and  E2  requires  some  special  treatment.  We  concentrate  on  El  since  E2  is  entirely 
similar.  The  algebra  will  now  have  a  collection  of  constant  operators,  one  for  each  propositional 
atom  in  the  language. 

Definition  2.5.1  An  E  local  modal  algebra  is  a  local  modal  algebra  with  a  collection  of  constant 
operations.  Note  that  two  constant  operations,  being  functions,  can  point  to  the  same  element  of 
the  local  modal  algebra.  The  Lindenbaum-Tarski  E  local  modal  algebra  has  each  constant  operation 
pointing  out  the  equivalence  class  of  the  propositional  atom  to  which  it  attached.  In  symbols,  if  p 
is  a  propositional  atom,  then  its  constant,  nullary  operation,  Op,  is  such  that  Wp  =  p  in  the  word 
algebra  of  the  logic  and  Op  =  [p]  in  the  LT  algebra.  In  addition  to  any  axioms  necessary  for  the 
local  modal  logic,  we  add  the  axiom 

CTp  <  [^]  CTp 
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for  an  arrow  r  in  the  diagram  to  another  node.  This  effectively  forces  |[p]  <  [f]  |[p]  for  any  interpre¬ 
tation  [— ].  We  also  require  the  logic  at  cod(r)  to  contain  at  least  the  same  propositional  atoms  as 
those  at  dom(r). 

Definition  2.5.2  A  E  local  modal  frame  is  a  descriptive,  general  frame  with  a  collection  of  constant 
functions,  fp,  one  for  each  propositional  atom.  A  constant  function  selects  an  element  of  the  set 
algebra. 

Fix  a  local  modal  algebra.  A  modal  valuations  vary  over  what  gets  assigned  to  the  propositional 
atoms.  Here,  the  valuations  must  be  consistent  with  the  nullary  operations  associated  with  each 
atom.  We  get  the  variation  necessary  for  valuations  by  choosing  different  local  modal  algebras 
which  agree  on  everything  except  the  nullary  operations.  So  the  variation  gets  satisfied  at  a  slightly 
higher  level.  A  similar  statement  holds  for  local  modal  frames.  The  inductive  definition  generating 
interpretations  from  valuations  remains  the  same  and  hence  the  restriction  on  valuations  gets 
transferred  to  interpretations. 

Definition  2.5.3  A  E  local  modal  algebra  valuation,  |— ]  must  take  every  propositional  atom  to 
an  element  of  the  carrier  set  pointed  to  by  the  nullary  operation  for  that  atom,  i.e.,  if  ap  =  a, 
then  Ip]  =  a.  Similarly,  for  a  E  local  modal  frame  and  valuations  |— ],  we  demand  |p]  =  C  if 
fp  =  C.  Also,  we  demand  that  for  r  :  h  ^  k,  the  r  interpreting  relation  TZ  must  respect  the 
constant  functions  in  the  sense  that  x  (z  fp  at  the  local  frame  for  h  and  TZxy  implies  y  G  fp  at  the 
local  frame  for  k. 

For  the  LT  algebra,  ap  =  p  in  the  word  algebra  forces  ap  =  \p]  in  the  LT  algebra.  The  result  is 
that  we  get  the  same  LT  algebra  as  we  would  have  without  the  nullary  constants.  The  universal 
property  of  the  free  algebra  with  respect  to  unique  maps  to  the  other  E  local  modal  algebras 
are  unaffected  since  the  restriction  on  interpretations  will  force  the  unique  maps  to  choose  the 
same  elements  of  the  local  modal  algebras  to  which  the  nullary  operations  point  for  the  respective 
propositional  atoms.  In  the  freeness  diagram  below,  p  indicates  some  propositional  atom  in  the 
language,  a^^^  is  the  carrier  set  of  the  local  modal  logic  for  h  inside  of  the  free  algebra  A,  B  is 
some  other  appropriate  simulation  algebra,  and  /  is  an  induced  interpretation  from  the  freeness 
property  of  A, 


SL{h,kG&) - ~  A={{FAh,FAk},a^^\a^^^  G  Ops) 


The  algebra  B  has  no  notion  of  propositional  atoms.  The  ap,  being  operations,  are  preserved  by  g. 
Hence,  ry(p)  =  ap^^  and  g{r]{p))  =  g{o'p'^^)  =  Since  the  diagram  commutes,  f{p)  =  ap^'^. 

The  extension  to  simulation  algebras  and  simulation  category  models  are  called  E  simulation 
algebras  and  E  simulation  category  models. 
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Theorem  2.5.4  Simulation  logics  with  the  E  axioms  are  sound  and  complete  with  respect  to  E 
simulation  algebras  and  E  simulation  category  models. 

3  Some  Extensions  of  the  Concept 

3.1  Stone  Spaces  and  Their  Morphisms 

The  general  scheme  of  lifting  morphisms  to  create  multi-sorted  logics  connected  via  modal  operators 
appears  to  have  a  wider  potential  than  the  simulation  logic  presented  in  this  paper.  In  effect,  there 
was  nothing  special  per  se  about  using  simulation  relations  other  than  they  work  very  well  in  terms 
of  relating  modal  logics.  Suppose  we  consider  the  category  of  Stone  spaces  and  their  morphisms 
and  ask  what  would  the  multi-sorted  logic  look  like.  We  clearly  want  the  axioms  D1  and  D2  and 
we  always  want  to  use  descriptive  general  frames.  The  multi-sorted  logic  has  a  modal  operator  for 
every  morphism  in  the  graph,  that  morphism  is  always  to  be  a  continuous  map.  Since  the  one-point 
sets  are  closed  in  Stone  spaces,  the  continuous  maps  are  closed  relations. 

3.2  Partially-ordered  Modalities 

In  [3],  we  presented  a  logic  system  with  partially-ordered  modalities.  That  system  can  be  presented 
in  the  current  framework  by  setting  all  the  simulation  relations  to  the  identity  relation.  The  main 
axiom 

[fc]  P  D  [h]P,  h  <  k 

then  is  a  direct  consequence  since  (i)  P  =  P  for  i  being  the  sole  arrow  in  an  endo-diagram. 

3.3  Other  Frame  Relating  Principles 

The  axiom 

(.)  [k]  p  D  [h]  (r)  p 

holds  just  when  for  every  r,  s  :  h  ^  k  in  the  graph,  the  frame  category  has 
Sxx'  and  %xy  implies  there  exists  y' (/Cx'y'  and  IZyy'). 

The  axiom 

[r]  [k]  P  D  [h]  [r]  P 

holds  just  when  for  every  r,  s  :  h  ^  k  in  the  graph,  the  frame  category  has 
TZyz  and  T-Lxy  implies  there  exists  x' {ICx' z  and  TZxx). 

3.4  Relating  the  Simulation  Relations 

We  can  use  partially-ordered  modalities  [3]  in  the  many-sorted  case  by  using  the  axiom  from  that 
paper 

[s]  P  D  [r]  p 

for  r,  s  h  ^  k  in  the  graph  of  the  logic;  hence,  the  interpreting  relations  TZ,S  ^  1C  are  between 
local  frames  such  that  TZ  P  S. 
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Let  {HjT-LjA)  be  the  local  frame  at  h  and  {K,JC,B)  be  the  local  frame  at  k.  If  we  wish  to 
relate  TZ  with  S  via  a  higher-order  simulation,  this  can  be  accomplished  by  reinterpreting  the  first 
axiom  for  the  previous  subsection.  A  higher-order  simulation  from  7^  to  5  is  a  pair  of  relations, 
T  Q  H  X  H  and  'T'  :  K  x  K  such  that 

Txx  and  TZxy  implies  there  exists  y' {Sxy  and  T'yy'). 

This  underwrites  the  axiom 

(t)  [s]PD[r]  {t')P. 

The  property  of  Proposition  2.4.3  still  obtains.  Using  log(/i)  and  log(A:)  to  refer  to  the  logics  at 
those  nodes  of  the  graph,  (t)  :  log{h)  log(/i)  and  {t')  :  log(A:)  log(A:),  and  let  P  £  log(A:);  hence 
(*')  P  £  log(/c).  Since  r  :  h  ^  k  in  the  graph,  [?■]  :  log(A:)  log(/i)  and  so  [»■]  {t')  P  £  log{h).  Since 
s  :  h^  k,  [^]  T*  G  log(/i)  and  (t)  [«]  P  £  log{h).  The  entire  formula  is  in  log(L). 

4  Conclusion 

We  have  shown  that  modal  logic  can  be  extended  to  include  simulation  relations  as  morphisms 
in  their  Kripke  semantics.  This  necessitates  a  multi-sorted  logic  composed  of  local  logics  linked 
by  modal  operators  for  which  the  simulation  relations  provide  morphisms  between  models.  The 
general  approach  appears  to  be  transferrable  to  other  logics  by  observing  that  their  models  usually 
sit  within  a  category  of  models  which  has  its  own  notion  of  morphism.  The  model  morphisms  are 
to  be  looked  at  as  Kripke  relations  spanning  models.  The  fact  that  many  times  these  morphisms 
are  functions  and  may  have  other  properties  leads  to  axioms  constraining  their  modal  connective 
counterparts.  In  fact,  many  of  the  relational  properties  used  in  modal  logics  and  their  related  modal 
axioms  can  be  lifted  to  provide  a  toolbox  of  axioms  for  modalities  that  span  logics. 

One  of  the  central  features  of  the  logics  presented  in  this  paper  is  that  every  formula  sat  entirely 
within  a  single  local  logic.  Complete  generality  would  require  that  feature  to  be  relaxed  and  allow 
formulas  to  span  local  logics.  We  anticipate  the  graphs  that  we  used  in  formulating  simulation 
logics  will  be  made  more  complicated,  in  effect,  promoting  them  to  be  the  categorical  notion  of 
sketch  [18].  In  this  paper,  we  only  use  graphs  and  identity  arrows  to  help  specify  a  simulation  logic 
and  have  no  need  for  general  diagrams,  cones,  and  cocones  of  a  sketch.  For  instance,  one  might 
have  formulas  of  the  form  P  A  Q  where  P  and  Q  are  in  separate  logics.  Providing  models  for  these 
sorts  of  logics  will  require  constructions  that  produce  new  frames  from  old  frames. 
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